This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rustfft

Dependencies

(6 total, 1 possibly insecure)

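| Crate | Required | Latest | Status |
| --- | --- | --- | --- |
| num-complex | ^0.4 | 0.4.6 | up to date |
| num-integer | ^0.1.40 | 0.1.46 | up to date |
| num-traits | ^0.2 | 0.2.19 | up to date |
| primal-check | ^0.3.3 | 0.3.4 | up to date |
| strength_reduce | ^0.2.4 | 0.2.4 | up to date |
| transpose ⚠️ | ^0.2 | 0.2.3 | maybe insecure |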

Dev dependencies

(7 total, 5 outdated)

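| Crate | Required | Latest | Status |
| --- | --- | --- | --- |
| bumpalo | =3.14.0 | 3.17.0 | out of date |
| getrandom | ^0.2 | 0.3.2 | out of date |
| libc | =0.2.163 | 0.2.172 | out of date |
| once_cell | =1.20.2 | 1.21.3 | out of date |
| paste | ^1.0.9 | 1.0.15 | up to date |
| rand | ^0.8 | 0.9.1 | out of date |
| wasm-bindgen-test | ^0.3.36 | 0.3.50 | up to date |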

Security Vulnerabilities

transpose: Buffer overflow due to integer overflow in `transpose`

RUSTSEC-2023-0080

Given the function `transpose::transpose`:

```rust
fn transpose<T: Copy>(input: &[T], output: &mut [T], input_width: usize, input_height: usize)
```

The safety check `input_width * input_height == output.len()` can be passed incorrectly when `input_width * input_height` overflows in such a way that the wrapped product equals `output.len()`. Once the check has been passed this way, memory past the end of `output` is written to. This only occurs in release mode, since `*` panics on overflow in debug mode.

Exploiting this issue requires the caller to pass `input_width` and `input_height` arguments such that multiplying them overflows and the overflowed result equals the lengths of the `input` and `output` slices.
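The following is an added example, not code from the `transpose` crate or from the advisory: it contrasts the length check as the advisory describes it with a `checked_mul` form that rejects an overflowing product before any indexing happens. The function names and the constructed dimensions are assumptions made for illustration.

```rust
/// The check as the advisory describes it. `wrapping_mul` reproduces what `*`
/// does in release builds (a silent wrap), whatever the build profile.
fn dims_match_wrapping(in_len: usize, out_len: usize, width: usize, height: usize) -> bool {
    let product = width.wrapping_mul(height);
    product == in_len && product == out_len
}

/// Hardened check (hypothetical name): an overflowing product never matches.
fn dims_match_checked(in_len: usize, out_len: usize, width: usize, height: usize) -> bool {
    match width.checked_mul(height) {
        Some(product) => product == in_len && product == out_len,
        None => false,
    }
}

/// Reference out-of-place transpose (hypothetical helper, safe Rust only)
/// that validates its dimensions with the checked comparison first.
fn transpose_checked<T: Copy>(
    input: &[T],
    output: &mut [T],
    width: usize,
    height: usize,
) -> Result<(), &'static str> {
    if !dims_match_checked(input.len(), output.len(), width, height) {
        return Err("width * height does not match the slice lengths");
    }
    // The product is known not to overflow, so every index below is in range.
    for y in 0..height {
        for x in 0..width {
            output[x * height + y] = input[y * width + x];
        }
    }
    Ok(())
}

fn main() {
    // Constructed dimensions: the product wraps to 0, the length of an empty slice.
    let (width, height) = (usize::MAX / 2 + 1, 2);
    println!("wrapping check accepts: {}", dims_match_wrapping(0, 0, width, height));
    println!("checked check accepts:  {}", dims_match_checked(0, 0, width, height));

    let input = [1, 2, 3, 4, 5, 6];
    let mut output = [0; 6];
    println!("{:?}", transpose_checked(&input, &mut output, 3, 2).map(|_| output));
}
```

Callers pinned to an affected `transpose` version can apply the same `checked_mul` validation to their own width and height values before calling into the crate.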